3

I ran the Triple DES encryption in Java with a null IV (I have run the cipher.getIV() method and indeed its IV is null), and ran the Triple DES encryption on the same string in PHP with a null IV, but I get a different result. Why is that?

Java Code:

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// ByteUtil and the newInstance*Key helpers are the asker's own and are not shown.
private static final String model = "DESede/ECB/PKCS5Padding";
public static String desEncrypt(String message, String key) throws Exception {
    // The key arrives as a hex string: 16, 32 or 48 hex characters.
    byte[] keyBytes = null;
    if(key.length() == 16){
        keyBytes = newInstance8Key(ByteUtil.convertHexString(key));
    } else if(key.length() == 32){
        keyBytes = newInstance16Key(ByteUtil.convertHexString(key));
    } else if(key.length() == 48){
        keyBytes = newInstance24Key(ByteUtil.convertHexString(key));
    }

    SecretKey deskey = new SecretKeySpec(keyBytes, "DESede");

    Cipher cipher = Cipher.getInstance(model);
    cipher.init(1, deskey); // 1 == Cipher.ENCRYPT_MODE
    return ByteUtil.toHexString(cipher.doFinal(message.getBytes("UTF-8")));
}
```

PHP Code:

```php
// composer require phpseclib/phpseclib
use phpseclib\Crypt\TripleDES;

function desEncrypt($str,$key){
    $cipher = new TripleDES();
    $cipher->setKey(hex2bin($key));

    $cryptText = $cipher->encrypt($str);

    return unpack("H*",$cryptText)[1];
}
```

I want to modify my PHP code to fit the Java encryption process. How should I do it? Where is the problem?

Java Encrypt Result:

```
before: 622700300000
key: 0123456789ABCDEFFEDCBA98765432100123456789ABCDEF
after: c9aa8ebfcc12ce13e22a33b05d4c18cf
```

PHP Encrypt Result:

```
before: 622700300000
key: 0123456789ABCDEFFEDCBA98765432100123456789ABCDEF
after: a6e7a000d4ce79ac8b3db9f6acf73de3
```

Fixed PHP Code:

```php
// composer require phpseclib/phpseclib
use phpseclib\Crypt\TripleDES;

/**
 * Triple DES (ECB) encryption function
 * PKCS5Padding
 *
 * @param string $message String to be encrypted
 * @param string $key Hex-encoded key
 * @return string Hex-encoded ciphertext
 */
function desEncrypt($message,$key){
    $cipher = new TripleDES(TripleDES::MODE_ECB);
    $cipher->setKey(hex2bin($key));

    $cryptText = $cipher->encrypt($message);

    return bin2hex($cryptText);
}
```
  • Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackoverflow.com/rooms/186580/discussion-on-question-by-gabriel-shell-why-did-the-result-of-des-encryption-exe). – Samuel Liew Jan 12 '19 at 07:04

1 Answer

1

You forgot to hex decode the key before using it. You're also using CBC mode instead of ECB mode, but as your IV is all zeros, that amounts to the same thing for the first block of data that is encrypted.

Maarten Bodewes
  • I've added a bin2hex() function to $key (I have updated my post), but it still seems different from the result of the Java code. – Gabriel Shell Jan 08 '19 at 12:14
  • Explicitly set the mode to ECB and remove the `setIV`. It won't do anything in ECB mode, but ECB mode doesn't use an IV. – Maarten Bodewes Jan 08 '19 at 12:16
  • Did you just use `bin2hex` instead of `hex2bin`? Really? – Maarten Bodewes Jan 08 '19 at 12:19
  • How can I set the mode to ECB in PHP? The DES classes in phpseclib seem to only have phpseclib\Crypt\DES and phpseclib\Crypt\TripleDES methods. – Gabriel Shell Jan 08 '19 at 12:20
  • You're welcome. I hope you are also able to unlearn because.... keys should not be strings, triple DES is deprecated, ECB mode is insecure, you need a transport protocol to secure data in transit, Pokemon exception handling is bad, stringifying code is bad, assigning null is bad, `if` instead of `switch` is bad, encoding to hex is bad (use base 64 *if* you want a string), using the `1` literal is bad - the Java code is basically trash... I can make 10 more comments about it easily... – Maarten Bodewes Jan 08 '19 at 12:34
  • You are awesome! How can you be so excellent in both Java and PHP? – Gabriel Shell Jan 08 '19 at 12:44
  • Practice makes perfect (23 years experience programming). Stay vigilant - question everything. I'm not a PHP expert by any means. I know prog. language essentials and crypto. – Maarten Bodewes Jan 08 '19 at 13:03
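
The mode difference the answer describes, run on the question's own input as an added example (not code from the question or the answer). It assumes phpseclib 2.x installed through Composer; `decodeHexKey` and `encryptBlocks` are hypothetical helper names, and the 16- or 24-byte key check is this example's choice.

```php
<?php
// Added example, not the asker's code. Assumes phpseclib 2.x installed with
// Composer (composer require phpseclib/phpseclib:~2.0).
require __DIR__ . '/vendor/autoload.php';

use phpseclib\Crypt\TripleDES;

// Decode a hex key strictly, so a bin2hex/hex2bin mix-up fails loudly
// instead of silently producing a different key.
function decodeHexKey(string $hex): string
{
    if (!ctype_xdigit($hex) || strlen($hex) % 2 !== 0) {
        throw new InvalidArgumentException('key is not valid hex');
    }
    $key = hex2bin($hex);
    if (!in_array(strlen($key), [16, 24], true)) {
        throw new InvalidArgumentException('3DES key must be 16 or 24 bytes after decoding');
    }
    return $key;
}

// Encrypt with an explicit mode; returns the ciphertext as hex, one entry per 8-byte block.
function encryptBlocks(string $message, string $key, int $mode): array
{
    $cipher = new TripleDES($mode);
    $cipher->setKey($key);
    if ($mode === TripleDES::MODE_CBC) {
        $cipher->setIV(str_repeat("\0", 8)); // all-zero IV, as in the question
    }
    return str_split(bin2hex($cipher->encrypt($message)), 16);
}

$key     = decodeHexKey('0123456789ABCDEFFEDCBA98765432100123456789ABCDEF'); // key from the question
$message = '622700300000';                     // 12 bytes, so two blocks after padding
$javaHex = 'c9aa8ebfcc12ce13e22a33b05d4c18cf'; // Java result reported in the question

$ecb = encryptBlocks($message, $key, TripleDES::MODE_ECB);
$cbc = encryptBlocks($message, $key, TripleDES::MODE_CBC);

// With a zero IV the first block is identical in both modes; CBC then chains
// the first ciphertext block into the second, so the second block differs.
printf("ECB: %s\nCBC: %s\n", implode(' ', $ecb), implode(' ', $cbc));
printf("block 1 equal: %s\n", $ecb[0] === $cbc[0] ? 'yes' : 'no');
printf("block 2 equal: %s\n", $ecb[1] === $cbc[1] ? 'yes' : 'no');
printf("ECB matches reported Java output: %s\n", implode('', $ecb) === $javaHex ? 'yes' : 'no');
```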